The last few days have been a nightmare for bZx, a decentralized finance (DeFi) lending protocol provider.
Just a few hours after confirming that an exploit on its protocol towards the end of last week resulted in the loss of 1,193 ETH (approx. $298,000), bZx co-founder Kyle Kistner confirmed on the project’s Telegram channel that they’d been attacked again.
“This attack appears to be an oracle manipulation attack,” Kistner announced in the group, with the loss estimated at 2,388 ETH (approx. $645,000). For the time being, bZx has paused its protocol (for the second time in a week), with investigations revealing an ETH transaction similar to the one executed before the weekend.
As Coinfomania reported following the initial attack, the current development has called the concept of DeFi into question, since the protocol remains at the mercy of a centralized authority. At the same time, hackers can exploit vulnerabilities inherent in the product.
For instance, the attack on Feb 15 took advantage of the flash loan feature designed to allow arbitrage trading of assets across different open-source exchanges.
The attacker, on that occasion, gamed the protocol by writing a malicious contract that let him end up with a significant value of ETH from the bZx balance. Coupled with the latest development, this means that the amount of ETH lost by bZx from both attacks is now approximately $940,000.
Meanwhile, data from DeFi Pulse further shows that the total value of ETH locked in the bZx protocol dropped by 24.1% in the last 24 hours, recording a press time value of $13.29 million. At the start of the day, the total USD value locked in bZx was $19.44 million.
bZx subsequently confirmed that the total amount lost to the second attack is $600,000, a figure lower than the estimated $645,000. However, the firm reassured users that the system can recover from the loss since the team was able to delay the realization of the loss.
Note: This article has been updated to include bZx’s confirmation of the total amount lost to the second attack.